Electronic Statement of Observation Report

Privacy Impact Assessment summary

Introduction

A Privacy Impact Assessment (PIA) has been conducted on the Electronic Statement Observation Report (eSOR) application. The purpose of the assessment was to determine if there are any privacy issues associated with the project or activity and to provide recommendations for their mitigation or resolution.

Proposal description

Before the implementation of eSOR, all staff members/contractors/volunteers documented activities, behaviours or information considered to be significant or out of the ordinary in a Microsoft Word Version of the Statement/Observation Report (SOR) (CSC/SCC 0875). Generally, these were only maintained on the hardcopy offender files.

The eSOR solution is a modern way for CSC staff within institutions and throughout the community offices to record SORs in a web-based portal. Furthermore, eSOR has additional integrated features such as auditing and multiple access levels that will allow restriction of access to information on a need to know basis.

Through the collection, analysis and sharing of intelligence information, eSOR directly contributes to security operations and interventions. This is achieved by supporting the case management process and identifying and managing illicit activities and security threats in institutions and in the community.

Collection, use, disclosure and retention of personal information

Sections 3 and 5(a) of the Corrections and Conditional Release Act (CCRA) mandates CSC’s responsibility for the care and custody of inmates and their safe and humane custody and supervision. In order to ensure the safety of the institution and the inmates, CSC must monitor offenders’ activities and record and report information related to security incidents. CSC also has Commissioner Directives related to the recording and reporting of security incidents.

These are:

• 566: Framework for Safe and Effective Correctional Environments
  • 566-1: Control of Entry to and Exit from Institutions
  • 566-2: Control of Vehicle Entry to and Exit from Institutions
  • 566-4: Counts and Security Patrols
  • 566-7: Searching Offenders

  • 566-8: Searching of Staff and Visitors

• 568: Management of Security Information and Intelligence
  
  • 568-1: Recording and Reporting of Security Incidents
  • 568-2: Recording and Sharing of Security Information and Intelligence
  • 568-4: Preservation of Crime Scenes and Evidence
  • 568-5: Management of Seized Items
  • 568-6: Creation, Control and Handling of Preventive Security and Intelligence Files

  • 568-7: Incompatible Offenders

• 700: Correctional Interventions
  
  • 710-8: Private Family Visits
  • 715-1: Community Supervision
  • 784: Victim Engagement
  • 786: Victim Complaints

The Personal Information Banks associated with this program are:

• Preventive Security - CSC PPU 065
• Case Management - CSC PPU 042

The eSOR application effectively changes the way SORs are completed by transitioning from the traditional paper-based format to an electronic format that is web-based. In the context of the eSOR, CSC is not collecting new personal information, but rather streamlining its reporting processes related to the eSOR form.

The portal does not differ from the traditional SOR which can consist of:

• offender identification (First name, Surname, Finger Print Selection number(FPS))
• institution or supervising office
• observations on an offender’s involvement in an incident occurring within CSC’s institutions

The primary user of SOR information is CSC. Observations contained in the eSOR report may be used to support administrative decisions, incident and intelligence investigations, disciplinary processes, and operational decisions as they relate to the safety and security of the institution, etc. These reports and the associated uses already exist as part of the traditional SOR model.

Personal information will be used most often in compliance with subsection 8(2)(a) which states that personal information under the control of a government institution may be disclosed for the purpose for which the information was obtained or compiled by the institution or for a use consistent with that purpose. CSC may also disclose personal information under other subsections of section 8(2) such as to an investigative body during the course of lawful investigations and for research or statistical purposes.

Furthermore, the CCRA provides authority for disclosure of personal information in specific circumstances as outlined in Sections 25(1)(2)(3).

Offender records in the Preventive Security and Case Management banks are retained until the offender reaches 70 years of age or until five years after the last warrant expiry date, whichever is longest. The eSOR records have the same retention requirements. Historical records are transferred to Library and Archives Canada. The official report is the paper copy at the local site/institution as it holds two wet signatures (author and supervisor).